What CSF Firewall configuration to use.

[xerox]

Hello there!

I am looking to harden server security to point that its not interfering any real user activity other than hackers.

I would like to know what CSF firewall rulesset do you use and would recommend.

You could paste the entire config here if you can.


Thanks a bunch // Happy holidays!

 

[EthernetServers]

CSF has been developed over many years, and the out-the-box configuration will provide a good base level of security for the majority of users. The problem with going above and beyond the default configuration is that the amount of false-positives are likely to increase, resulting in innocent visitors being blocked, and therefore reduced website traffic/sales/etc.

The best thing you can do is use strong, unique passwords all-round, and ensure that server software (kernel, operating system, other associated packages) and website software (i.e. WordPress) is kept up-to-date, and perhaps even consider closing ports off that you don't need or don't use.

I should note that you actually risk degrading server security by asking others to post their configs here. The reason I say this is because over the years with CSF, many of its default options have changed, and someone who installed CSF 10 years ago is going to have a very different configuration to someone that installed it yesterday, and most likely that configuration won't be as secure.